More cloud security education needed – but shared responsibility message getting through

Organisations still believe their information is safer on-premise rather than in the cloud – and it’s a mindset that IT security firm Barracuda Networks wants to change.

According to the company, who polled more than 600 respondents around their experiences with cloud security, more than four in five (83%) said they were concerned about deploying firewalls in the cloud, while more than half (57%) of EMEA-based respondents said their on-premises security was superior to cloud.

When it came to the struggle around firewalls and cloud, two in five (39%) said pricing and licensing was ‘not appropriate’ for a cloud model, while a third (34%) argued ‘lack of integration prevents cloud automation’. Almost all (93%) respondents who had adopted DevOps-based practices said they faced challenges with security integration.

Evidently there are still challenges which need to be overcome – but what about the positives? Those who have taken the plunge on cloud-specific firewalls say the primary benefits are integration with cloud management, monitoring and automation capabilities, as well as being easy to deploy and configure by cloud developers.

What’s more – if this particular set of respondents are anything to go by – the shared responsibility cloud security message is getting out there. 71% of EMEA respondents said cloud security was a responsibility shared with cloud vendors, with only 19% believing it is the vendor’s responsibility alone.

These figures certainly make for better reading when compared to a Barracuda report from July last year, which expressed concern over organisations’ misinformation. Yet Chris Hill, Barracuda director of public cloud business development, argues education is still needed in other areas.

“There still seems to be a lack of understanding in cloud security, and a misplaced belief that on-premises security is a lot stronger,” wrote Hill in a blog post. “One thing is for sure: as the move to cloud only increases in pace, for organisations that are used to operating under traditional data centre architecture, moving to the cloud will require a new way of thinking when they approach security.”

You can read the full survey results here (email required).